[Snort-users] Newbie question
tilayia at ...125...
Tue Mar 5 17:29:11 EST 2002
Well, I assume that because it's a Network IDS, it sniffs packets. Will it
let me (for example) write a rule that looks for certain HTTP requests,
without specifying the whole IP packet (i.e. can it intelligently decode the
protocol stack?). Since with TCP, a given request could be split across
multiple packets, can it decode a whole stream (like Ethereal does)?
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.
More information about the Snort-users